Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-14821

Good to know:

icon
icon

Date: September 19, 2019

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Language: C

Severity Score

Related Resources (38)

https://access.redhat.com/errata/RHSA-2020:2851
https://www.oracle.com/security-alerts/cpuapr2020.html
https://access.redhat.com/security/cve/CVE-2019-14821
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://seclists.org/bugtraq/2019/Nov/11
https://nvd.nist.gov/vuln/detail/CVE-2019-14821
https://seclists.org/bugtraq/2019/Sep/41
https://usn.ubuntu.com/4163-1/
https://usn.ubuntu.com/4162-2/
https://security-tracker.debian.org/tracker/CVE-2019-14821
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
https://security.netapp.com/advisory/ntap-20191004-0001/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/
https://usn.ubuntu.com/4157-2/
https://access.redhat.com/errata/RHSA-2019:3309
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
http://www.openwall.com/lists/oss-security/2019/09/20/1
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
https://access.redhat.com/errata/RHSA-2019:4256
https://usn.ubuntu.com/4162-1/
https://usn.ubuntu.com/4163-2/
https://access.redhat.com/errata/RHSA-2019:4154
https://access.redhat.com/errata/RHSA-2020:0027
https://access.redhat.com/errata/RHSA-2020:0204
https://usn.ubuntu.com/4157-1/
https://bugzilla.redhat.com/show_bug.cgi?id=1746708
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://www.debian.org/security/2019/dsa-4531
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14821
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/
https://access.redhat.com/errata/RHSA-2019:3978
https://access.redhat.com/errata/RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3979
https://www.mend.io/vulnerability-database/CVE-2019-14821

Severity Score

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

icon

Upgrade Version

Upgrade to version v5.4-rc1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us